While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to the every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Advocates Want California To Beef Up New Privacy Law

Tech companies and the ad industry want Congress to override California's new
privacy law, but watchdogs say the measure should be even tougher.

“California can and should continue to lead on consumer protection, as it has for decades, with robust, thoughtful
legislation that puts people first,” the Electronic Frontier Foundation, Center for Digital Democracy, Consumer Reports and a dozen others say in a letter sent to state lawmakers this week. “To that end, the
legislature’s focus this year should be on building upon -- and clarifying when needed -- CCPA’s protections.”

The California Consumer Privacy Act, slated to take effect in
2020, requires companies to disclose data about consumers at their request, and allows consumers to opt out of the sale of their data to third parties. The bill also tasks the state attorney general
with developing enforcement regulations.

advertisement

advertisement

Earlier this year, the Association of National Advertisers, U.S. Chamber of Commerce and other groups pushed California to amend the law. Among other
changes, they wanted lawmakers to narrow the bill's definition of "personal information." The current definition includes cookies, IP addresses and web-browsing history -- which appears to cover data
used for ad targeting.

Tech companies, the Interactive Advertising Bureau and other groups also argue that states shouldn't regulate online privacy at all, and that Congress should pass a
federal privacy law that would effectively nullify the new California measure.

But consumer groups and privacy watchdogs say California should beef up its law by placing more restrictions on
companies that collect data.

“The CCPA, as drafted, does not sufficiently define or deter companies’ internal misuse of data,” the groups write.

“Data misuse
should include instances where companies themselves use information in ways that are unexpected and unwanted by individuals,” the organizations argue. “Under this definition, a social
media company would be barred from using inferences it makes about individuals’ emotional states to target them with ads, or a fitness company would be prevented from using information from an
activity app to price membership to its health club, clothing line, or food offering.”

The advocacy groups also ask lawmakers to reject requests to narrow the definition of personal
information.

“Historically, California has broadly defined protected personal information, and as technological advances make it easier to glean ever more insights from what might
otherwise appear to be trivial data, now is not the time to take away longstanding protections,” they write.